Edit log path configurations
- UpdatedFeb 1, 2024
- 2 minutes to read
- Washington DC
- IT Operations Management
Modify a log path configuration in the log shipper check instance.
Before you begin
Role required: evt_mgmt_admin
Procedure
- Navigate to All > ACC Log Analytics > ACC Log Policies.
- Select a policy record.
- In the Check instances related list, select the log shipper check instance record.
- Select Edit in Sandbox to enable editing the record.
-
On the Log path configuration related list, edit a log path configuration.
- Select the log path configuration that you want to edit.
-
Edit the configuration.
- You can add custom fields, allowing you to include additional information in the output.
- You can add extra configuration options, such as
encoding
,include_lines
, andexclude_lines
, to filter your log data. For information about discovering file encoding, see the How to Detect File Encoding on Windows, Linux and Mac [KB1702770] article in the Now Support Knowledge Base.These configuration options impact all the files that the data input streams to your instance.
Note: Define only configuration options that are supported by Filebeat. For more information, see the Log input Configuration options description in the Elastic documentation.
- Select Update to save your edits.
- (Optional)
Add an environment variable or edit an existing one in the Path field.
Use the relevant format for its name:
- On Linux, capitalize the name and precede it with a dollar sign: $. For example:
$HOME
. The name is case sensitive. - On Windows, surround the name with percentage signs: %. For example:
%HOMEPATH%
. The name is not case sensitive.
Important: The servicenow user and ACC agent must have access to the environment variable. On Linux systems, only environment variables that reside in the /etc/environment file are accessible. Add the environment variable to this file using the format <NAME>='<VALUE>'. - On Linux, capitalize the name and precede it with a dollar sign: $. For example:
- (Optional)
Delete a log path.
-
Check the box next to the log path configuration that you want to delete.
Note: You can select multiple log path configurations, but a check must have at least one log path configured for it to enable streaming logs. For more information about checks, see Checks and policies.
- Select Delete.
-
Check the box next to the log path configuration that you want to delete.
- Select Return to policy to go back to the log policy record.
-
Select Republish and then confirm to publish the policy again with the updated log path configurations.
The changes take effect in a few minutes.